EU Home Affairs Sub-Committee reports on Data Protection & Brexit

UK Government & Data Protection

Share This Post

The House of Lords EU Home Affairs Sub-Committee has published a report on data protection in the UK, post-Brexit.

The report “Brexit: the EU Data Protection Package” came about because of the Sub-Committee’s “routine scrutiny of EU legislative proposals, but also forms part of the coordinated series of Brexit-themed inquiries launched by the European Union Committee and its six Sub-Committees following the referendum on 23 June 2016, which aim to shed light on the main issues likely to arise in negotiations on the UK’s exit from, and future partnership with, the European Union”.

The Sub-Committee supports the governments objectives as set out in the Government’s white paper regarding the UK’s exit from Europe (see here for more detail) but the Sub-Committee highlights that it is “struck” by the lack of detail about how data flows across the EU to and from the UK will be impacted post-Brexit and what the Government’s doing about it.

The report highlights that post-Brexit the UK will be seen as a “third country” for data protection. This means that even though the UK will have engrained the General Data Protection Regulation (GDPR) into UK law at the point of leaving Europe, not being part of Europe will mean the UK will be impacted by the GDPR’s control over the transfer and processing of EU data outside the EU. Or put another way, the UK will be in the same position as the US currently is.

The Sub-Committee proposes the UK Government should aim for adequacy statements from the EU which will confirm that the UK’s data protection regime is adequate. This seems to be preferred to the alternative which is for individual data controllers and processors to ensure they provide adequate safeguards via “Standard Contractual Clauses” or “Binding Corporate Rules” (see here, for existing examples). However, there is an issue that the EU only issues adequacy decisions to third countries which the UK won’t be until Brexit which means there be a period of uncertainty – the Sub-Committee recognises this as a particular issue for law enforcement and national security and is therefore urging the Government to consider this as part of Brexit transitional agreements.

The Sub-Committee also urges the Government to negotiate ongoing Information Commissioner’s involvement in the European Data Protection Board (the EU wide body of regulators) to ensure we have some influence on EU policy makers when it comes to data protection rules. The issue here is, as the report puts it, there won’t be a “clean break” when it comes to data protection law because if we’re to continue to work across the EU will need to have adequate data protection rules in place, and if we can’t influence any future discussion or change to the rules, the UK will be at a disadvantage.

The report is likely to be debated in the House and can be read in full here.

More To Explore

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy